Research on Registry Analysis based Malware Detection Method


  • Published : 2017.05.28

Abstract

The Windows registry is a hierarchical database that stores the information the operating system and application programs need in order to run. Because it is involved in every activity, from booting and user logon to service execution, application execution and user behaviour, registry analysis is widely used to acquire digital evidence. In recent years malware has penetrated systems in ways the user does not notice and has leaked or stolen valuable technical information, causing financial damage. This study therefore proposes a method of detecting malware infection by analysing the registry with shareware applications rather than an expensive commercial digital forensic program, so that attack methods can be analysed and the same damage prevented in advance. Because an infection can be detected and analysed accurately without costly commercial tools, the authors expect the academic contribution of the work to be significant.
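The registry analysis the abstract describes can be reduced to one concrete check: the autostart (Run) keys, where persistent malware most often registers itself. The following is an added example and not code from the paper. It parses the plain-text output of the built-in `reg export` command for the HKCU and HKLM Run keys and flags values that carry common indicators of malicious persistence. The sample export is constructed, and the heuristics (user-writable path, system binary name outside C:\Windows, script host or script file, encoded or hidden PowerShell) are this example's assumptions, not the paper's method.

```python
"""Flag suspicious autostart entries in a `reg export` of the Run keys.

Added example, not the paper's method.  SAMPLE_REG is a constructed export;
the indicator rules below are assumptions chosen for illustration.
"""
import re

# Constructed sample in the format `reg export` writes (backslashes and
# quotes inside values are escaped with a backslash).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"
"WinCheck"="powershell.exe -nop -w hidden -enc SQBFAFgA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Loader"="C:\\Users\\Public\\Temp\\load.vbs"
'''

REG_KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Only REG_SZ values ("name"="value"); REG_EXPAND_SZ appears as hex(2): and is skipped.
REG_VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)+)"="(?P<val>(?:[^"\\]|\\.)*)"$')

# Indicator rules (assumptions of this example, not the paper's).
USER_WRITABLE = re.compile(r'\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\', re.I)
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'explorer.exe',
                'services.exe', 'winlogon.exe'}
SCRIPT_HOSTS = re.compile(r'\b(wscript|cscript|mshta|regsvr32|rundll32|powershell|cmd)(\.exe)?\b', re.I)
ENCODED_PS = re.compile(r'-e(nc(odedcommand)?)?\s|-w(indowstyle)?\s+hidden', re.I)


def unescape(s):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> " ."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return (key, value_name, value_data) for every string value in the export."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = REG_KEY.match(line)
        if m:
            key = m.group('key')
            continue
        m = REG_VALUE.match(line)
        if m and key:
            entries.append((key, unescape(m.group('name')), unescape(m.group('val'))))
    return entries


def first_executable(cmd):
    """Extract the program path from a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def assess(cmd):
    """Return the list of indicators that fire for one autostart command line."""
    exe = first_executable(cmd)
    base = exe.rsplit('\\', 1)[-1].lower()
    reasons = []
    if USER_WRITABLE.search(exe):
        reasons.append('user-writable path')
    if base in SYSTEM_NAMES and not exe.lower().startswith('c:\\windows\\'):
        reasons.append('system binary name outside C:\\Windows')
    if SCRIPT_HOSTS.search(base) or base.endswith(('.vbs', '.js', '.hta', '.bat')):
        reasons.append('script host or script file')
    if ENCODED_PS.search(cmd):
        reasons.append('encoded or hidden PowerShell')
    return reasons


def find_suspicious(text):
    """Return (key, name, cmd, reasons) for every entry with at least one indicator."""
    return [(k, n, v, assess(v)) for k, n, v in parse_reg_export(text) if assess(v)]


if __name__ == '__main__':
    # Real exports are UTF-16: open(path, encoding='utf-16').read()
    for key, name, cmd, reasons in find_suspicious(SAMPLE_REG):
        print(f'{key}\\{name}: {cmd}\n    -> {", ".join(reasons)}')
```

On the host, `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM equivalent) produces the input; `reg export` writes UTF-16, so read the file with `encoding='utf-16'`. A user-writable path on its own is a weak signal (the legitimate OneDrive entry triggers it), so treat that indicator as a prompt to compare against a known-good export of the same machine rather than as a verdict; the stronger indicators are a system binary name outside C:\Windows, a script host, and encoded or hidden PowerShell. RunOnce, Winlogon\Shell, Userinit and service ImagePath values deserve the same treatment.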

